Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package windows :: Module address_resolver :: Class KernelModule
[frames] | no frames]

Class KernelModule

source code

A Windows kernel module.

Instance Methods
 
__init__(self, ldr_module=None, session=None)
x.__init__(...) initializes x; see help(type(x)) for signature		 source code
 
__str__(self)
str(x) (Inherited from rekall.plugins.common.address_resolver.Module)		 source code
 
build_local_profile(self, profile_name=None, force=False)
Fetch and build a local profile from the symbol server. (Inherited from rekall.plugins.windows.address_resolver.PEModule)		 source code
 
build_profile_from_exports(self)
Create a dummy profile from PE exports. (Inherited from rekall.plugins.windows.address_resolver.PEModule)		 source code
 
detect_guid_from_mapped_file(self)
Guess the guid for the PE file. (Inherited from rekall.plugins.windows.address_resolver.PEModule)		 source code
 
detect_guid_pe_header(self) (Inherited from rekall.plugins.windows.address_resolver.PEModule) source code
 
detect_profile_from_index(self) (Inherited from rekall.plugins.windows.address_resolver.PEModule) source code
 
detect_profile_from_session(self)
Get the module guid from the session cache. (Inherited from rekall.plugins.windows.address_resolver.PEModule)		 source code
 
detect_profile_name(self)
Try to figure out the profile name for this module. (Inherited from rekall.plugins.windows.address_resolver.PEModule)		 source code
 
load_profile(self, force=True) (Inherited from rekall.plugins.windows.address_resolver.PEModule) source code
 
reset(self) (Inherited from rekall.plugins.windows.address_resolver.PEModule) source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __subclasshook__

Properties
  profile (Inherited from rekall.plugins.windows.address_resolver.PEModule)

Inherited from object: __class__

Method Details

__init__(self, ldr_module=None, session=None)
(Constructor)

source code 

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:01 2017 http://epydoc.sourceforge.net